You can protect yourself to a certain extent with regular backups of your site; but wouldn’t it be better not to let the bad guys have their way at all? Once your site has malware installed on it, any visitors to your site with PCs will likely get infected, and then Google will slap a big ugly graphic on your site’s homepage.

Anyone searching for you will read a warning message in the search results. Even worse, you infect hundreds of visitors before Google has a chance to notice.

Even if you get your site back up and running in short order, there is still the matter of clearing yourself with Google, which can take up to 2 weeks. At this point, I’d like to remind you of the old adage, “an ounce of prevention is worth a pound of cure.”

I have been a big fan of content management systems, especially WordPress, but their biggest strength—the modularity of Php—is also their biggest vulnerability. In other words, this moduularity is kind of like having a number of armored plates rather than one large sheet of metal protecting you: in between the plates you can still get stabbed—if your attacker knows where to press his blade.

Everyone who uses WordPress gets the same set of “plates”, and so this makes the attacker’s job that much easier. He knows where the vulnerabilities are. Larger companies with big budgets likely have devoted some time and money towards web security, and have likely plugged up their holes, or moved their plates around to keep potential attackers guessing. Small to mid-sized companies, however, are more liable to fly by the seat of their pants and hope for the best.

This is what web hackers are counting on, and as a result the largest growing segment of sites getting attacked is in small to mid-sized business websites. This is not good news, but fortunately there are some simple steps you can take to protect yourself. I will list some of the more common measures, but by no means is this a comprehensive list.

1. Use strong passwords.
2. If you are logging into your site from a PC, do regular scans to make sure your machine is clean. If you get keystroke logging software on your system it doesn’t matter how many times you change your password because someone else can see everything you are doing. If possible, limit other online activities that could compromise the computer you use to access your website or web hosting.
3. For wordpress sites, research and utilize the more popular and well-reviewed security plugins.
4. Periodically search the web (or create a Google Alert on this topic) for current threats to content management systems.
5. Hire a programmer to “harden” your WordPress installation. In other words, to make it hard enough to break in that the attacker will look for an easier target.

It’s just like if you leave your house with doors and windows unlocked: it doesn’t mean that you will get robbed, but if someone with thieving intent happens by, you don’t want to inadvertently roll out the red carpet. So do the right thing and visit the dentist once in awhile and install some security measures. You won’t be sorry.